Platform: python
Component: nvidia/megatron-lm
Fixed in: 0.12.3
CVE-2025-23306 describes a code injection vulnerability discovered in NVIDIA Megatron-LM, a framework for large language model training. An attacker can exploit this flaw by providing crafted input, potentially leading to severe consequences such as code execution and data compromise. This vulnerability affects all versions of Megatron-LM prior to 0.12.2. A patch is available in version 0.12.2.
Successful exploitation of CVE-2025-23306 allows an attacker to inject and execute arbitrary code within the Megatron-LM environment. This could lead to complete system compromise, enabling the attacker to steal sensitive training data, modify model parameters, or even gain control of the underlying infrastructure. The potential for privilege escalation is significant, as the attacker could leverage the injected code to gain higher-level access. Data tampering could corrupt the training process, leading to biased or unreliable models. The blast radius extends to any system utilizing vulnerable versions of Megatron-LM, particularly those involved in sensitive AI model development.
CVE-2025-23306 was publicly disclosed on 2025-08-13. The vulnerability's impact, allowing code execution, shares similarities with other injection vulnerabilities, though specific exploitation campaigns are not currently confirmed. The EPSS score is pending evaluation. No public proof-of-concept exploits have been observed at the time of writing.
Exploit Status
EPSS: 0.03% (7% percentile)
The primary mitigation for CVE-2025-23306 is to immediately upgrade to NVIDIA Megatron-LM version 0.12.2 or later. If upgrading is not immediately feasible, carefully sanitize all input provided to the megatron/training/arguments.py component. Implement strict input validation and consider using a Web Application Firewall (WAF) to filter potentially malicious requests. Monitor system logs for unusual activity, specifically looking for unexpected code execution or file modifications. While a specific Sigma or YARA rule isn't readily available, focus on detecting anomalous process behavior associated with the arguments.py script.
Upgrade Megatron-LM to version 0.12.2 or later. This fixes the code injection vulnerability in the arguments.py component. You can upgrade using pip: `pip install --upgrade megatron-lm`.
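A dependency check built on the version boundary stated above, added here as an example (it is not NVIDIA's code or part of the original page): it scans requirements-file text for Megatron-LM entries and marks each as affected, ok, or needing review. It assumes the distribution name `megatron-lm` from the pip command above and 0.12.2 as the first fixed release; the function names and sample lines are constructed.

```python
import re

FIXED = (0, 12, 2)          # first fixed release per the text above (assumption: adjust if your advisory differs)
PACKAGES = {"megatron-lm"}  # distribution name taken from the pip command above

_REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)$")
_PIN = re.compile(r"===?(\d+(?:\.\d+)*)(.*)")

def _normalize(name):
    """PEP 503: runs of '-', '_' and '.' are equivalent, case-insensitive."""
    return re.sub(r"[-_.]+", "-", name).lower()

def classify(spec):
    """Return 'affected', 'ok' or 'review' for one version specifier."""
    m = _PIN.fullmatch(spec.replace(" ", ""))
    if not m or m.group(2):
        # Ranges, wildcards, pre/post releases, URLs, no specifier:
        # the file alone does not say which version gets installed.
        return "review"
    release = [int(p) for p in m.group(1).split(".")]
    release += [0] * (len(FIXED) - len(release))
    return "affected" if tuple(release) < FIXED else "ok"

def audit(requirements_text):
    """Return (line number, requirement, status) for each Megatron-LM entry."""
    findings = []
    for lineno, raw in enumerate(requirements_text.splitlines(), 1):
        # Drop trailing comments and environment markers before parsing.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        m = _REQ.match(line)
        if m and _normalize(m.group(1)) in PACKAGES:
            findings.append((lineno, line, classify(m.group(2))))
    return findings

# Constructed sample input, not taken from any real project.
SAMPLE = """\
torch==2.3.0
megatron-lm==0.12.1
Megatron_LM[dev]==0.12.2  # fixed release
megatron-lm>=0.11
megatron.lm==0.9
-r other-requirements.txt
"""

if __name__ == "__main__":
    for lineno, req, status in audit(SAMPLE):
        print(f"line {lineno}: {req!r} -> {status}")
```

Entries reported as `review` are not exact pins, so confirm the version actually installed in the environment (for example with `pip show`).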
CVE-2025-23306 is a code injection vulnerability in NVIDIA Megatron-LM versions before 0.12.2, allowing attackers to inject and execute malicious code.
You are affected if you are using NVIDIA Megatron-LM versions prior to 0.12.2. Upgrade immediately to mitigate the risk.
Upgrade to NVIDIA Megatron-LM version 0.12.2 or later. If upgrading is not possible, sanitize all input to the arguments.py component.
Active exploitation is not currently confirmed, but the vulnerability's impact warrants immediate attention and remediation.
Refer to the NVIDIA security bulletin for detailed information and updates: [https://nvidia.com/en-us/security/cve/CVE-2025-23306](https://nvidia.com/en-us/security/cve/CVE-2025-23306)